| Document type | contract |
|---|---|
| Date | 2024-11-01 |
| Source URL | https://go.boarddocs.com/wa/ohsd/Board.nsf/files/DAKRJ26E2701/$file/Whidbey%20Health%20Agreements%2011%202024.pdf |
| Entity | oak_harbor_school_district (Island Co., WA) |
| Entity URL | https://www.ohsd.net |
| Raw filename | Whidbey%20Health%20Agreements%2011%202024.pdf |
| Stored filename | 2024-11-01-whidbeyhealthagreements-contract.txt |
Parent document: Regular Board Meeting-11-12-2024.pdf
BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (“BAA”) is entered into by and between Whidbey Island Public Hospital District No. 1, Island County, Washington d/b/a WhidbeyHealth (“Covered Entity”), and Oak Harbor High School (“Business Associate”). This Agreement supersedes and replaces in entirety all existing agreements between Business Associate and Covered Entity concerning the subject matter of this BAA, but in no way alters or amends any provisions of any additional agreements between the parties. RECITALS A. The parties have entered into, and may in the future enter into, one or more written agreements that require Business Associate to receive, maintain or transmit Protected Health Information (“PHI”) on behalf of Covered Entity (“Underlying Agreement(s)”). B. The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH”) and their implementing regulations codified at 45 C.F.R. Parts 160 and 164, and any other implementing regulations applicable to privacy and security of PHI (“HIPAA Regulations”), govern the use and disclosure of PHI. Cc. Covered Entity and Business Associate desire to ensure compliance with the HIPAA Regulations and applicable state laws regarding PHI. D. Business Associate acknowledges that, as a business associate, it is directly responsible to comply with the HIPAA Regulations. NOW, THEREFORE, in consideration of the terms, conditions and covenants hereinafter set forth, the parties agree as follows: 1. DEFINITIONS 1.1. Regulatory Definitions, Unless otherwise defined in this BAA, all capitalized terms used in this BAA have the meanings ascribed in the HIPAA Regulations; provided, however, that “PHI” and “ePHI” shall mean PHI and Electronic PHI, respectively, as defined in the HIPAA Regulations, limited to the information Business Associate received from or created or received on behalf of Covered Entity as Covered Entity’s Business Associate. 1.2. Administrative Safeguards. “Administrative Safeguards” shall have the same meaning as the term “administrative safeguards” in the HIPAA Regulations, with the exception that it shall apply to the management of the conduct of Business Associate’s workforce, not Covered Entity’s workforce, in relation to the protection of that information. 1.3. Covered Entity. For purposes of this BAA, Covered Entity shall include Covered Entity and all entities that participate in an Organized Health Care Arrangement with Covered Entity who may receive services from Business Associate under the Underlying Agreement(s). | 2. OBLIGATIONS OF THE BUSINESS ASSOCIATE WITH RESPECT TO PHI 2.1. Use and Disclosure of PHI. Business Associate shall not Use or Disclose PHI received from the Covered Entity other than as permitted or required by this BAA or as Required By Law. 2.2. Safeguards. Business Associate agrees to use appropriate administrative, physical and technical safeguards, to prevent Use or Disclosure of PHI other than as provided for by this BAA, including policies and procedures to implement and maintain administrative, technical, and physical safeguards appropriate to the size and complexity of Business Associate’s operations and the nature and scope of its activities. 2.3. Notification. Business Associate shall report in writing to Covered Entity any Use or Disclosure of PHI not provided for by this BAA within ten (10) days of Business Associate becoming aware of such Use or Disclosure of PHI not provided for this BAA. 2.4. Agents and Subcontractors. Business Associate agrees to ensure in a contract or other written agreement that any agents and subcontractors to whom a Business Associate provides PHI, created, maintained, transmitted or recerved by Business Associate on behalf of Covered Entity, agree to the same restrictions, conditions and requirements that apply to Business Associate under this BAA. Under no circumstances may Business Associate or its agents or subcontractors move any PHI outside the United States without the express, advance, written permission of Covered Entity. 2.5. Access to Information. Within ten (10) days of receiving a written request from Covered Entity, Business Associate shall make available to the Covered Entity PHI, in electronic _ form and format requested by the Covered Entity if such format is readily available, necessary for Covered Entity to respond to Individuals’ requests for access to PHI about them in the event that the PHI in Business Associate’s possession constitutes a Designated Record Set. In the event any individual requests access to PHI directly from Business Associate, Business Associate shall within five (5) business days forward such request to the Covered Entity. 2.6. Availability of PHI for Amendment. Within ten (10) days of receiving a written request from Covered Entity, Business Associate shall make available to the Covered Entity PHI for amendment and incorporate any amendments to the PHI in accordance with 45 C.F.R. Part 164 Subpart E (“Privacy Rule”) in the event that the PHI in Business Associate’s possession constitutes a Designated Record Set. 2.7. iccounting of Disclosures. Within ten (10) days of receiving a written request from Covered Entity, Business Associate shall make available to the Covered Entity the information required for the Covered Entity to provide an accounting of disclosures of PHI as required by the Privacy Rule. Business Associate shall provide the Covered Entity with the following information: (i) the date of the disclosure, (ii) the name of the entity or person who received the PHI, and if known, the address of such entity or person, (iii) a brief description of the PHI disclosed, and (iv) one of the following, as applicable: (a) a brief statement of the purpose of such disclosure which includes an explanation that reasonably informs the individual of the basis for such disclosure or in lieu of such statement; (b) a copy of a written request from the Secretary of Health and Human Services to investigate or determine compliance with HIPAA; or (c) a copy of the individual’s request for an accounting. In the event the request for an accounting is delivered directly to Business Associate, Business Associate shall within five (5) business days forward such request to the Covered Entity. 2.8. Responsibility of Business Associate. To the extent Business Associate is directed under the Underlying Agreements(s) or this BAA to carry out one or more of Covered Entity’s obligations under the HIPAA Regulations, Business Associate shall comply with the requirements of the HIPAA regulations that apply to the Covered Entity in performance of such obligations. 2.9. Availability of Books and Records. Business Associate agrees to make its policies, procedures, internal practices, books and records relating to its compliance with this BAA available to the Secretary of Health and Human Services for purposes of determining Covered Entity’s compliance with the Privacy and Security Rule. Upon request by Covered Entity, Business Associate shall make its policies, procedures, internal practices, books and records relating to this BAA available to the Covered Entity. 2.10. Mitigation of Harm. Business Associate agrees to use reasonable commercial efforts to mitigate any harmful effect that is known to Business Associate of a Use or Disclosure of PHI by Business Associate in violation of the requirements of this BAA. 2.11. Protection of ePHI, Business Associate agrees to implement Administrative Safeguards, Physical Safeguards, and Technical Safeguards (“Safeguards”) that reasonably and appropriately protect the Confidentiality, Integrity, and Availability of ePHI as required by 45 C.F.R. Part 164 Subpart C (“Security Rule”). Accordingly, Business Associate shall: a. _ ensure the protection under this Section 2.11 extends to District PHI obtained from District in any databases or collections of data containing District PHI, unless such PHI is determined to comply with the standards of De-Identified Health Information at the time it is used to create such databases or collections of data. b. apply the requirements of this Section 2.11 even if PHI is made anonymous by removing any identifying information unless such PHI is determined to comply with the standards for De-Identified Health Information. c. ensure that all storage and/or transmissions of PHI are authorized and protect District PHI from improper access. i. When information must travel across lines of communication where both ends are not under the control of District, Business Associate agrees to use, at a _ minimum, strong authentication and encryption to protect the PHI. ii. When PHI is stored by Business Associate on non-District storage devices, ' computers or other portable devices or systems of any kind or nature, such ~ information shall at all times be encrypted unless District has authorized, in writing, the use of non-encrypted techniques by Business Associate. d. ensure that its staff is properly trained in the handling of PHI under State and Federal law and District policies. e. not compile aggregate information, claims or loss data, recovery rates, actuarial data, claims trends or trend analysis, diagnostic or diagnostic group information, RVU conversion factors, or any other De-Identified Information, from District files, processes or materials, without the express written consent of District (which consent is implied to the extent that Business Associate is an insurer or claims adjuster of District.). 2.12. Notification of Security Incident. Business Associate shall report in writing to Covered Entity any suspected or known Security Incident; mitigate, to the extent practicable, harmful effects of Security Incidents that are known to Business Associate; and document Security Incidents and their outcomes within ten (10) days of Business Associate becoming aware of the incident; provided, however, that notice is hereby deemed provided, and no further notice will be provided by Business Associate, for unsuccessful attempts at unauthorized access, use, disclosure, modification, or destruction, such as pings and other broadcast attacks on a firewall, denial of service attacks, port cans, unsuccessful login attempts, or interception of encrypted information where the key is not compromised, or any combination of the above. 2.13. Notification of Breach of Unsecured PHI, Following the discovery of a Breach of unsecured PHI Business Associate must notify the Covered Entity in writing of such breach within ten (10) days of becoming aware of the breach. Such notice shall include: (a) The identification of each type of unsecured PHI and the individual(s) whose unsecured PHI has been or is reasonably believed by Business Associate to have been accessed, acquired, or disclosed during such breach. (b) A brief description of what happened, including the date of the breach and the date of the discovery of the breach, if known. (c) A brief description of what the Business Associate is doing to investigate the breach, to mitigate losses, and to protect against any further breaches. 2.14. Notification to Affected Individuals. District may provide notice or may require Business Associate to provide notice to any or all individuals affected by a Breach Incident, In such case, Business Associate shall consult with District regarding appropriate steps required to notify third parties. Business Associate must obtain District review and approval prior to any notification to any individual, media outlet, or to the Secretary regarding a Breach involving District PHI. | | | 2.15. Notification of Audit. Business Associate shall notify within five (5) business days District’s Privacy Officer and/or Security Officer if Business Associate becomes the subject of a Department of Health and Human Services audit pursuant to 42 USC § 17940. 3. PERMITTED USES AND DISCLOSURES OF PHI 3.1. Seope of Permitted Uses. Business Associate shall only Use or Disclose PHI the amount and content of PHI necessary to meet the requirements of its obligations to Covered Entity. Business Associate may not Use or Disclose PHI in a manner that would violate the HIPAA Regulations if done by Covered Entity. Except as otherwise specified in this BAA, Business Associate may only Use or Disclose PHI as necessary to perform its obligations under the Underlying Agreement(s) or as Required by law. 3.2. Management and Administration. Business Associate may use and disclose PHI for the proper management and administration of Business Associate or to carry out the legal responsibilities of the Business Associate, provided the disclosures are Required By Law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as Required By Law or for the purposes for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached. 3.3. Data Aggregation. Business Associate may provide data aggregation services relating to the health care operations of Covered Entity, if such activity is permitted under the Underlying Agreement(s). 3.4. De-identified PHI. Business Associate may de-~identify PHI it receives from District pursuant to 45 CFR § 164.514, but Business Associate may not sell or disclose de- identified information to any third party unless District has first approved such use or disclosure in writing. 3.5. Specific Authorization. Business Associate may Use and Disclose PHI received pursuant to an authorization that specifically permits disclosure to Business Associate and that complies with the HIPAA Regulations. 4. PROBIBITED USES AND DISCLOSURES OF PHI 4.1. Prohibited Uses. Business Associate may not Use or Disclose PHI in a manner that is not permitted in Section 3. Prohibited Uses and Disclosures include, but are not limited to the following: (a) | Business Associate shall not use or disclose PHI for fundraising or marketing purposes, unless expressly permitted under the Underlying Agreement(s). (b) — Business Associate shall not disclose PHI to a health plan for payment or health care operations purposes if the patient has requested this special restriction and has paid out of pocket in full for the health care item or service to which the PHI solely relates. (c) | Business Associate shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and as permitted in the HIPAA Regulations; however, this prohibition shall not affect payment by Covered Entity to Business Associate for services provided pursuant to the Underlying Agreement. | (d) Business Associate shall not use PHI for research purposes without Covered Entity’s|written authorization. 3. TERM AND TERMINATION 5.1. Term. This BAA shall be effective on the earliest effective date for any Underlying Agreements and shall remain in effect until terminated pursuant to Section 5.2 below, or upon termination of all of the Underlying Agreements. \ 5.2. Termination. Should Covered Entity become aware of a pattern of activity or practice that constitutes a material breach of a material term of this BAA by Business Associate, the Covered Entity shall provide Business Associate with written notice of such breach in sufficient detail to enable Business Associate to understand the specific nature of the breach. Covered Entity shall be entitled to immediately terminate the Underlying Agreement(s) if Business Associate breaches a material term of this BAA, or, at Covered Entity’s election, Covered Entity shall be entitled to immediately terminate the Underlying Agreement(s) if after Covered Entity provides the notice to Business Associate, Business Associate fails to cure the breach within a reasonable time period, which shall not be more than thirty (30) days; provided, however, that such time period specified by Covered Entity shall be based on the nature of the breach involved. 5.3: Effect of Termination. Except as provided in Section 5.4, upon termination or expiration of this BAA or the Underlying Agreement(s) for any reason, Business Associate shall return or destroy all PHI received from Covered Entity or created or received by Business Associate on behalf of Covered Entity. Business Associate shall not retain copies of PHI. This provision shall apply to PHI in possession of subcontractors or agents of Business Associate. 5.4. Return or Destruction Infeasible. In the event that Business Associate reasonably determines that returning or destroying the PHI is infeasible, Business Associate shall notify Covered Entity in writing of the basis for its determination. If Covered Entity agrees that returning or destroying the PHI is infeasible, Business Associate shall extend the protections of this BAA to such PHI and limit further Uses and Disclosures of such PHI to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such PHI. This provision shall survive the termination or expiration of this BAA and/or any Underlying Agreement. If Covered Entity does not agree that returning or destroying the PHI is infeasible, then Business Associate shall either: (1) return or destroy all PHI in compliance with Section 5.3 of this BAA; or (2) notify Coy ered Entity that it elects to submit this issue for determination under the dispute resolution ‘roves identified in Section 6.8. | | 6. | MISCELLANEOUS 6.1. Interpretation. The terms of this BAA shall prevail in the case of any conflict with the terms of any Underlying Agreement to the extent necessary to allow Covered Entity and Business Associate to comply with the HIPAA Regulations. 6.2. No Third Party Beneficiaries, Nothing in this BAA shall confer upon any person other than the Parties and their respective successors or assigns, any rights, remedies, obligations, or liabilities whatsoever. 6.3. Amendment. To the extent that any relevant provision of the HIPAA Regulations is materially amended in a manner that changes the obligations of Business Associates or Covered Entities, the Parties agree to negotiate in good faith appropriate amendments to this BAA to give effect to these revised obligations. | 6.4. Survival. The respective rights and obligations of Business Associate and Covered Entity under the provisions of Sections 5.3, 5:4, 6.1, 6.4, 6.9, 6.10, 6.11; and Sections 2, 3, and 4 solely with respect to PHI the Business Associate retains in accordance with Section 5.4 because it is not feasible to return or destroy such PHI, shall survive termination of this BAA indefinitely. 6.5. isclatmer. DISTRICT MAKES NO WARRANTY OR REPRESENTATION THAT COMPLIANCE BY BUSINESS ASSOCIATE WITH THIS AGREEMENT OR THE HIPAA OR HITECH REGULATIONS WILL BE ADEQUATE OR SATISFACTORY FOR BUSINESS ASSOCIATE’S OWN PURPOSES OR THAT ANY INFORMATION IN THE POSSESSION OF BUSINESS ASSOCIATE OR SUBJECT TO ITS CONTROL, OR TRANSMITTED OR RECEIVED BY THE BUSINESS ASSOCIATE, IS OR WILL BE SECURE FROM UNAUTHORIZED USE OR DISCLOSURE. BUSINESS ASSOCIATE IS SOLELY RESPONSIBLE FOR ALL DECISIONS MADE BY BUSINESS ASSOCIATE REGARDING THE SAFEGUARDING OF PHI OR ELECTRONIC PHI. 6.6. Notices. Any notices to be given hereunder to a party shall be made via U.S. Mail or express courier to rier to such party’s address given below, and/or (other than for the delivery of fees) via facsimile to the facsimile telephone numbers listed below. If to Covered Entity: WhidbeyHealth 101 N Main St Coupeville WA 98239 Attention: June Meehan Email Address: meehaj@whidbeyhealth.org If to Business Associate: Oak Harbor High School 1 Wildcat Way Oak Harbor WA 98277 Attention: Roy Cone Email Address: rcone@ohsd.net Each party named above may change its address for notice by the giving of notice thereof in the manner hereinabove provided. 6.7. Counterparts; Facsimiles. This BAA may be executed in any number of counterparts, each of which shall be deemed an original. Facsimile copies hereof shall be deemed to be originals. 6.8. Severability. If any provision of this BAA, or any other agreement document, or writing pursuant to or in connection with this BAA, is found to be wholly or partially invalid or unenforceable, the remainder of the agreement is unaffected. 6.9. Disputes. If any controversy, dispute or claim arises between the parties with respect to this BAA, the parties shall make good faith efforts to resolve such matters informally and in accordance with any dispute resolution process specified in the Underlying Agrecments. 6.10. Regulatory References. A reference in this BAA to a section in the HIPAA Regulations means the section as in effect or as amended. 6.11. Indemnity. Each Party (the “Indemnifying Party”) will indemnify and hold harmless the other Party (the “Indemnified Party”) and its affiliates, officers, directors, employees or agents from and against any claim, cause of action, liability, damage, cost or expense, including reasonable attorneys’ fees and court or proceeding costs, arising out of or in connection with any non-permitted or prohibited Use or Disclosure of PHI or other breach of this Agreement by the Indemnifying Party or any Subcontractor, agent, person or entity under the Indemnifying Party’s control. IN WITNESS WHEREOF, each of the undersigned has caused this BAA to be duly executed in its name and on its behalf. COVERED ENTITY BUSINESS ASSOCIATE Whidbey Island Public Hospital District DBA WhidbeyHealth Title: Title: Date: Date: UNIFORM CLINICAL EDUCATION AFFILIATION AGREEMENT } | This AGREEMENT is between Oak Harbor High School, (“School”) and Whidbey Island Public Hospital District, d/b/a WhidbeyHealth (“WhidbeyHealth”) with respect to an educational experience as WhidbpyHealts for one or more of the School’s students (“Program”). WHEREAS, the parties hereto desire to cooperate in establishing a continuing educational relationship to assist in the education of students by the School; and WHEREAS, ? idbeyHealth operates a facility with the capacity to provide a site for teaching and practical education for students enrolled in School; and WHEREAS, the School desires to obtain for its students through WhidbeyHealth the benefit of education and experience needed by its students to prepare them for careers in health care; and WHEREAS, neither party intends for this AGREEMENT to alter in any way its respective legal rights or its legal obligations to any third party; NOW, THEREFORE, in consideration of the mutual covenants and agreements contained herein, the parties agree as follows: A. Responsibilities of the School 1. The School will use its best efforts to prepare students selected for participation in the Program for effective participation in the training phase of their overall education. All students who participate in the Program shall, at a minimum, receive training prior to commencement of the Program in the following areas: a. Blood Bore Pathogens; 23 The School will retain ultimate responsibility for the education of its students. 3. Unless otherwise agreed to in writing by WhidbeyHealth, School shall provide WhidbeyHealth with the names of all students that will be participating in the Program, as well as any preferred placement locations for individual students, no later than thirty (30) days in advance of the start of the Program. WhidbeyHealth does not guarantee that students will be placed in their preferred department/location. Placement decisions for individual students will vary according to department need and/or availabifity. 4, The School will advise all students participating in the Program regarding the confidentiality of patient/client records and patient/client information imparted during the training experience. The School will also advise all students that the confidentiality requirements survive the termination or expiration of this AGREEMENT. 5. (a) . School will require all participating students to have documented appropriate immunizations on file with the School, ; immunization or titer for Measles, Mumps & Rubella, Chicken Pox (Varicella) and a Tdap Vaccination (Tetnus, Diptheria and Pertussis). Upon request by WhidbeyHealth, the School shall provide satisfactory evidence that this requirement has been met. 6. The School will advise students that they are required to comply with WhidbeyHealth tules, regulations, and procedures, and that each student will be required to sign a confidentiality agreement (students under 18 must also obtain a signature from a parent or guardian). 7. If requested by WhidbeyHealth, the School wiil provide instruction to WhidbeyHealth staff with respect to the evaluation/performance of all the School's students at WhidbeyHealth. 8. The School will maintain adequate insurance coverage for all students who participate in the program described by the AGREEMENT. By virtue of this contract, the School warrants and represents to WhidbeyHealth that its students are insured. 9, The School shall indemnify and hold harmless WhidbeyHealth, its representatives, agents, directors, employees, and all other persons from all claims or actions brought against WhidbeyHealth that are related to or the result of any of School’s students participation in the Program. B. Responsibilities of WhidbeyHealth 1. WhidbeyHealth will require all participating students to pass a criminal background check prior to commencement of the program. WhidbeyHealth will conduct the background check per WhidbeyHealth Policy. All students must have satisfactorily completed the background check prior to their first day on site. 2. WhidbeyHealth has a responsibility to maintain a positive, respectful, and adequately resourced learning environment so that sound educational experiences can occur. Therefore, WhidbeyHealth will provide students and faculty with access to appropriate resources for the student’s education at WhidbeyHealth. 3. WhidbeyHealth will retain full responsibility for care of the patients and will maintain administrative and professional supervision of students insofar as their presence and program assignments affect the operation of WhidbeyHealth and its care, direct and indirect, of patients. 4, WhidbeyHealth staff will, upon request, assist the School in the evaluation of the learning and performance of participating students by completing evaluation forms provided by and returned to the School in a timely fashion. 5. WhidbeyHealth will provide for the orientation of School’s participating students as to WhidbeyHealth’s rules, regulations, procedures, and policies of WhidbeyHealth. 6. In the event a student is exposed to an infectious or environmental hazard or other occupational injury; (i.e. needle stick) while at WhidbeyHealth, WhidbeyHealth will provide such emergency care as is provided its employees, including, where applicable: examination and evaluation 2 by WhidbeyHealth’s ethergency department or other appropriate facility as soon as possible after the injury; emergency medical care immediately following the injury as necessary; initiation of the HBV, Hepatitis C (HCV), and HIV protocol as necessary; and HIV counseling and appropriate testing as necessary. In the event: that WhidbeyHealth does not have the resources to provide such emergency care, WhidbeyHealth will refer such student to the nearest emergency facility. The student will be responsible for any charges thus generated. 7. Whidb WvHealth, its employees, agents and representatives shall maintain in confidence student files and personal information and limit access to only those employees or agents with a need to know and agrees tojcomply with the Family Educational Rights and Privacy Act, to the same extent as such laws and regul ations apply to the School. For the purposes of this AGREEMENT, pursuant to FERPA, School hereby designates WhidbeyHealth as a School official with a legitimate educational interest in the educational records of the student(s) who participate in the Program to the extent that access to the records is required by WhidbeyHealth to carry out the Program. 8. Upon request, WhidbeyHealth will provide proof that it maintains liability insurance in an amount that is ronment reasonable. 9. WhidbeyHealth will provide written notification to the School promptly if a claim arises involving a student. 10. | WhidbeyHealth will resolve any situation in favor of its patients’ welfare and may remove a student from his or her role until the incident can be resolved by the staff in charge of the student or the student is removed from the Program. WhidbeyHealth will notify the School’s course director if such an action is required. 11. | WhidbeyHealth shall identify a site coordinator from among its staff who will communicate and cooperate with the School’s faculty regarding the training experience. C. Mutual Responsibilities 1. Representatives for each party will be established on or before the execution of this AGREEMENT. | 2. The|parties will work together to maintain an environment of high quality patient care. At the request of either party, a meeting (in person or by phone) will promptly be heid between School and WhidbeyHealth representatives to resolve any problems or develop any improvements in the operation of the training program. | 3. The School will provide qualified and competent individuals in adequate number for the instruction and supervision of students using the School facilities. WhidbeyHealth will provide qualified and competent faculty members in adequate number for the instruction and supervision of students using WhidbeyHealth facilities. 4. The School and WhidbeyHealth will not discriminate against any person on the basis of race, color, religion, national origin, sex, marital status, sexual orientation, gender identity, age, disability, veteran status, or any other non-merit factor in employment, educational program, or 3 activities that it operates. 5. The School, including its faculty, staff, and students, and WhidbeyHealth share responsibility for creating an appropriate learning environment that includes both formal learning activities and the attitudes, values, and informal "lessons" conveyed by individuals who interact with the student. 6. WhidbeyHealth may request the removal of any student whom WhidbeyHealth determines is not performing in accordance with its applicable administrative and patient care policies, procedures, rules, and/or regulations. Such request must be in writing, and must include a statement of the reason or reasons why WhidbeyHealth desires to have the student removed. The student must be afforded by the School an opportunity to respond in writing to the statements. However, WhidbeyHealth may: immediately remove from the premises any student who poses an immediate threat or danger to personnel or to the quality of medical services, or for unprofessional behavior. WhidbeyHealth will notify the appropriate office of the School if such an action is required. The School may terminate a student’s participation when, in its sole discretion, further participation by the student would no longer be appropriate. The School will notify WhidbeyHealth if such action is required 7. School acknowledges that students will not be placed in a position to provide or assist in the provision of patient care. D. Term and Termination This AGREEMENT will commence as of the date first written above and will continue indefinitely or until terminated. This AGREEMENT may be terminated at any time and for any reason by either party upon not less than ninety (90) days prior written notice to the other party. Should notice of termination be given under this Section, students then scheduled to WhidbeyHealth will be permitted to complete any previously scheduled educational assignment at WhidbeyHealth. E. Employment Disclaimer Except for purposes of determining who is a member of WhidbeyHealth’s s “workforce” under HIPAA, as defined under 45 CFR 160.103, the students participating in the program will not be considered employees or agents of WhidbeyHealth or School for any purpose. Students will not be entitled to receive any compensation from WhidbeyHealth or School or any benefits of employment from WhidbeyHealth or School, including but not limited to, health care or workers’ compensation benefits, vacation, sick time, or any other benefit of employment, direct or indirect, WhidbeyHealth will not be required to purchase any form of insurance for the benefit or protection of any student of the School. F. No Agency Relationship Between the Parties Nothing in this AGREEMENT is intended to or shall be construed to constitute or establish an agency, employer/employee, partnership, franchise, or fiduciary relationship between the parties; and neither party shall have the right or authority or shall hold itself out to have the right or authority to bind the other party, nor shall either party be responsible for the acts or omissions of the other except as provided specifically to the contrary herein. G. Assignment This AGREEMENT will not be assigned by either party without the prior written consent of the other. H. Notices All notices or other communications provided by either party to the other will be in writing, and will be deemed to have been duly given when delivered personally or when deposited in the United States mail, First Class, postage prepaid, at the respective addresses identified below: | TO School: Oak Harbor High School 1 Wildcat Way Oak Harbor Wa. 98277 TO WhidbeyHealth: WhidbeyHealth, Attn: Volunteer Coordinator 101 North Main Street Coupeville, WA 98239 I. Review This AGREEMENT shall be subject to review by the School and WhidbeyHealth every three (3) years. Any modification to this AGREEMENT proposed during said review must be consented to in writing by both School and WhidbeyHealth. J. Indemnification Each party to this AGREEMENT shall be responsible for damage to persons or property resulting from the negligence on the part of itself, its employees, agents or its officers. Neither party assumes any responsibility to the other party for the consequences of any act or omission of any person, firm or corporation not a party to this AGREEMENT. K. No Payments No payments shall be made between the parties or to the students in connection with this AGREEMENT. L. Severability The invalidity of any provision of this AGREEMENT will not affect the validity of any other provisions. | M. Headlines Headlines in this AGREEMENT are for convenience only. 5 N. Entire Agreement This AGREEMENT contains the entire agreement between the parties hereto and supersedes any and all prior negotiations, commitments, agreements and understandings between the parties. No amendment, consent or waiver of terms of this AGREEMENT shall bind either party unless in writing and signed by both parties. Any such amendment, consent or waiver shall be effective only in the specific instance and for the specific purpose given. The parties, by the signature below of their authorized representatives, acknowledge having read and understood the AGREEMENT and agree to be bound by its terms and conditions. School: By: _ Date: WhidbeyHealth: By: Date: 09/10/24 Name: Mike Bailey Title: Volunteer Coordinator